On Thu, 12 Nov 2020 09:27, A NiceBoy said: > 1. The solution is also in this report. Just install gpg version 2.0.x,
Don't! 2.0 reached end-of-life 3 years ago - there are no security fixes etc. You shall not use that version anymore. > Then you can see the algo changed to AES256 and digest changed to SHA512. If you want to convey secret keys do not rely on the passphrase protection of OpenPGP but use a secure transport channel. Which may be just a gpg encrypted file. The problem with the passphrase is that you need to transport a secure passphrase via another secured medium and in this case you can also a transport the secret key with a "weaker" passphrase. Whether you use SHA256 or SHA512 does not matter. The iteration count matters more but in any case you can't create better security from a weak passphrase - the iteration count is a failstop thing but not a proper cryptographic replacement for a weak passphrase. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users